ASIC Confirms on Cybersecurity Controls by AFS Licensees
- The confirmation came after a court ruling against an AFS license holder.
- There is no specific cybersecurity measure on AFS license obligations.
Under the many conditions of an Australia Financial Services (AFS) license, the specific requirements of cybersecurity measures are not mentioned. But, a federal court in the country held an AFS license holder accountable for breaches of its license obligations for failing to adequately manage its cybersecurity risks.
Now, the Australian Securities & Investments Commission (ASIC) has clarified its stance on adequate cybersecurity
Cybersecurity
Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer
Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer
Read this Term measures for regulated financial market players. ASIC issues the AFS license and conducts supervisory duties.
“ASIC does not prescribe technical standards nor provide expert guidance on operational aspects of cybersecurity. We also do not prescribe specific requirements for individual license holders,” the regulator stated.
“We do, however, expect licensees to address cyber risk as part of their AFS license obligations, including risk management.”
In addition, it clarified that dual-regulated AFS licensees have the obligation to comply with all necessary standards of the other regulator.
Cybersecurity Measures Are Needed
The questions of cybersecurity measures as a part of the AFS license obligation arose with a ruling against RI Advice by an Australian court. The company was found to have breached its license obligations as it failed to have adequate risk management
Risk Management
One of the most common terms utilized by brokers, risk management refers to the practice of identifying potential risks in advance. Most commonly, this also involves the analysis of risk and the undertaking of precautionary steps to both mitigate and prevent for such risk.Such efforts are essential for brokers and venues in the finance industry, given the potential for fallout in the face of unforeseen events or crises. Given a more tightly regulated environment across nearly every asset class,
One of the most common terms utilized by brokers, risk management refers to the practice of identifying potential risks in advance. Most commonly, this also involves the analysis of risk and the undertaking of precautionary steps to both mitigate and prevent for such risk.Such efforts are essential for brokers and venues in the finance industry, given the potential for fallout in the face of unforeseen events or crises. Given a more tightly regulated environment across nearly every asset class,
Read this Term systems to manage its cybersecurity risks.
The judge acknowledged that it is not possible to reduce the risks of any cyber attack to zero. But, the companies can significantly reduce the risks by implementing appropriate measures.
The Australian Cyber Security Centre (ACSC) already recommended companies implement at least eight essential mitigation strategies to reduce cybersecurity risks, but they are not obligatory.
“This decision confirms that AFS licensees must have adequate technological systems, policies and procedures to ensure sensitive consumer information is protected. This will minimize the risk of consumer harm,” ASIC said.
“If an AFS licensee fails to meet its obligations as a result of similar conduct or omissions, ASIC may take enforcement action, as we did with RI Advice, which can result in significant penalties.”
Under the many conditions of an Australia Financial Services (AFS) license, the specific requirements of cybersecurity measures are not mentioned. But, a federal court in the country held an AFS license holder accountable for breaches of its license obligations for failing to adequately manage its cybersecurity risks.
Now, the Australian Securities & Investments Commission (ASIC) has clarified its stance on adequate cybersecurity
Cybersecurity
Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer
Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer
Read this Term measures for regulated financial market players. ASIC issues the AFS license and conducts supervisory duties.
“ASIC does not prescribe technical standards nor provide expert guidance on operational aspects of cybersecurity. We also do not prescribe specific requirements for individual license holders,” the regulator stated.
“We do, however, expect licensees to address cyber risk as part of their AFS license obligations, including risk management.”
In addition, it clarified that dual-regulated AFS licensees have the obligation to comply with all necessary standards of the other regulator.
Cybersecurity Measures Are Needed
The questions of cybersecurity measures as a part of the AFS license obligation arose with a ruling against RI Advice by an Australian court. The company was found to have breached its license obligations as it failed to have adequate risk management
Risk Management
One of the most common terms utilized by brokers, risk management refers to the practice of identifying potential risks in advance. Most commonly, this also involves the analysis of risk and the undertaking of precautionary steps to both mitigate and prevent for such risk.Such efforts are essential for brokers and venues in the finance industry, given the potential for fallout in the face of unforeseen events or crises. Given a more tightly regulated environment across nearly every asset class,
One of the most common terms utilized by brokers, risk management refers to the practice of identifying potential risks in advance. Most commonly, this also involves the analysis of risk and the undertaking of precautionary steps to both mitigate and prevent for such risk.Such efforts are essential for brokers and venues in the finance industry, given the potential for fallout in the face of unforeseen events or crises. Given a more tightly regulated environment across nearly every asset class,
Read this Term systems to manage its cybersecurity risks.
The judge acknowledged that it is not possible to reduce the risks of any cyber attack to zero. But, the companies can significantly reduce the risks by implementing appropriate measures.
The Australian Cyber Security Centre (ACSC) already recommended companies implement at least eight essential mitigation strategies to reduce cybersecurity risks, but they are not obligatory.
“This decision confirms that AFS licensees must have adequate technological systems, policies and procedures to ensure sensitive consumer information is protected. This will minimize the risk of consumer harm,” ASIC said.
“If an AFS licensee fails to meet its obligations as a result of similar conduct or omissions, ASIC may take enforcement action, as we did with RI Advice, which can result in significant penalties.”